Jonny Posted March 4, 2010 ID:209440 Share Posted March 4, 2010 Hello,I'm also suffering from this infection after running a bad application. MBSA scans confirm cleans, but the infection remains. Comodo Internet didn't spot it so I installed Avast. After rebooting the AV was disabled and couldn't be restarted so I replaced with FSecure AV trial. Again, virus removal confirmed (Exploit.PDF-JS.Gen), but multiple Trojan.Generic.KD.374 infections appear to be continually found and removed (how do you get the logs in fsecure trial AV, ie export/txt?!)Hyperlinks in Firefox still SOMETIMES take me to erroneous sites , chrome was removed because nothing's happening (kill pages prompt following no response), and MBSA / SuperAntispyware still find various nastys. Kaspersky? AVG?! ComboFix won't run, and I'm ready to restore from a backup using Acronis TrueImage, but don't know if theat will fix...mbam /sas logs attached (rebooting to complete mbsa clean + run mgtools ... again!)Jonnymbam_log_2010_03_04__12_02_54_.txt Link to post Share on other sites More sharing options...
Jonny Posted March 4, 2010 Author ID:209446 Share Posted March 4, 2010 HJT log Logfile of HijackThis v1.99.1Scan saved at 12:11:15, on 04/03/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\F-Secure\Anti-Virus\fsgk32st.exeC:\Program Files\F-Secure\Common\FSMA32.EXEC:\Program Files\F-Secure\Anti-Virus\FSGK32.EXEC:\Program Files\F-Secure\Common\FSHDLL32.EXEC:\Program Files\UPHClean\uphclean.exeC:\Program Files\Sony\VAIO Event Service\VESMgr.exeC:\Program Files\F-Secure\FWES\Program\fsdfwd.exeC:\Program Files\F-Secure\Anti-Virus\fssm32.exeC:\Program Files\F-Secure\Anti-Virus\fsav32.exeC:\Program Files\F-Secure\Common\FSM32.EXEC:\Program Files\Apoint\Apoint.exeC:\Program Files\UltraMon\UltraMon.exeC:\Program Files\PeerBlock\peerblock.exeC:\Program Files\Apoint\Apntex.exeC:\WINDOWS\system32\taskmgr.exeC:\WINDOWS\explorer.exeC:\Program Files\HijackThis\hijackthis.exeR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localF2 - REG:system.ini: Shell=Explorer.exe O1 - Hosts: 64.71.163.204 cddb.cddb.orgO2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.10.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splashO4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSWO4 - HKCU\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exeO4 - HKCU\..\Run: [ultraMon] "C:\Program Files\UltraMon\UltraMon.exe" /autoO4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exeO9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.4.1.10.dll/206 (file missing)O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dllO10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dllO10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dllO10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dllO10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dllO10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dllO16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cabO16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dllO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dllO20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dllO23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exeO23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exeO23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exeO23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXEO23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exeO23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exeO23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe Link to post Share on other sites More sharing options...
Staff screen317 Posted March 18, 2010 Staff ID:216405 Share Posted March 18, 2010 Hi and welcome to Malwarebytes.Do you still need help? Link to post Share on other sites More sharing options...
Staff screen317 Posted March 28, 2010 Staff ID:223056 Share Posted March 28, 2010 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts